Modern vehicles are equipped with a large number of electronic control units, ECUs, which vary in processing capability, functionality and complexity. The electronic control units, ECUs, are used to monitor and control functional and safety-critical components such as engine, transmission (powertrain) and safety components (e.g. airbags, seatbelt tensioners etc.), and non-critical components such as navigation, entertainment components and telematics. The electronic control units, ECUs, are interconnected via several in-vehicle networks including in particular Controller Area Network, CAN, which has become the de facto standard due to its widespread deployment. Other standards include the Local Interconnect Network (LIN), which was designed for simpler vehicle components, such as roof, power seats or windows, and FlexRay, which provides more capabilities but at the cost of complexity and expense in comparison with CAN.
Controller Area Network, CAN, was originally designed without security in mind, and its design choices were largely dictated by strict constraints such as low cost and low network latency in isolated/closed environments. Therefore, the Controller Area Network, CAN, protocol lacks data authentication or privacy, and is thus susceptible to various attacks.
Vehicle manufacturers are now departing from this closed operation of in-vehicle networks by allowing external entities to send commands from a remote site to in-vehicle components for diagnosis and anti-theft purposes. Moreover, vehicle manufacturers also face the situation that electronic control units, ECUs, with interfaces exposing the communication on the in-vehicle networks to external entities are available to third parties. Connecting/exposing a vehicle's internal subsystems and the communication between them to external entities creates serious security and safety risks. The security architecture of CAN is too weak to deal with this type of exposure.
Improving the security of in-vehicle networks such as Controller Area Network, CAN, has to take into consideration that ECUs are typically very resource-constrained for cost and size reasons, which means that requiring them to perform more than a simple computation can degrade/compromise their intended functionality and/or required performance.
To address these and other weaknesses of existing CAN protocols, this disclosure proposes an efficient security protocol, which does not require modifications of current, cost-conscious in-vehicle networks. In particular, the disclosure proposes an efficient security protocol, which does not require modifications of the physical layer implementation of in-vehicle network enabled electronic control units, ECUs.